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DIRECTOR OF CENTRAL INTELLIGENCE 
SECURITY COMMITTEE 
COMPUTER SECURITY SUBCOMMITTEE 


5 Nov. 1983 
DCISEC-CSS-M158 
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1. The One Hundred and Fifty-Eighth meeting of the Computer Security 
Subcommittee was held on 18 October 1983 at 
McLean, VA. , and was attended by the following persons: 


Chairman 

I Exe cutive Secretary 
CIA 
CIA 
NSA 

Mr. Ralph Neeper, Army 
Mr. Carl Martz, Navy 
Ms. Sue Berg, Navy 

Mr. Robert Graytock, Dept, of Justice 
Mr. Gene Epperly, OSD 

^SECOM Staff 

1 , SECOM staff 

CIA (observer) 


provided a summary of the SECOM Seminar held in 


Va during the week of 10 October 1983. 


Considerable time was spent discussing computer security, with the 
discussions primarily focused on the activities initiated by Dr. 
knder her contract. 


The safeguards for critical systems effort was also a topic of 
discussion at the seminar. The point of this activity is to 
engineer and apply, to "critical systems", a set of fixes. Each 
Intelligence Community agency was requested to nominate a set of 
its critical systems. A determination will be made as to whether 
any of the systems have deficiencies and, if so, what the retrofit 
costs will be. The list of "critical systems” is presently before 
the Deputy DCI, Mr. McMahon. 


on 

to 


The SECOM received a briefing, as requested by 
required computer security R&D. This submission was in tended 
reflect R&D which is desired, but currently unfunded, 
noted that the DoD planning and budgeting for computer security, 
via the Consolidated Computer Security Program (CCSP), had been 
very thorough. Since the R&D submission to the SECOM was intended 
to reflect desired but unfunded programs, the submission was not 
extensive. It was later noted that there is no intelligence 
analysis activity funded as a community activity. This will be 
presented to Dr. Davis as a proposed fy 85 item. $350k will be 
added to the R&D program to support the production of threat data. 


Also discussed were the individual subcommittee budgets, the point 
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being made to the SECOM that these funds represented critical seed 
money which is used to initiate programs which might otherwise 
never see the light of day. It was noted during the discussions 
that several programs which have benefitted from such seed money 
have subsequently been picked up, supported, and augmented by the 
sponsoring Department or Agency (e.g., the IR review program being 
run by the Navy member). 

STAT 3. As a result of the above discussions, reviewed the 

currently proposed DoD R&D program. Enclosure 1 shows those R&D programs 
(CCSP + Individual Agencies) already funded. She pointed out that no money 
was being requested for these programs, but that support for them was 
needed during the budget cycle. Enclosure 2 shows those programs which are 
currently unfunded, and thus could be supported with funds. She also 
pointed out that DoD had proposed $^.4M over guidance, which is being 
strongly supported by the SECDEF. 

4. The Navy member reported on the IR review project, indicating that 
the $70K of Navy fy 83 funds that were being sought were lost. He is 

currently requesting $40K of fy 84 funds from both the Navy and the SECOM. 

He reported that he was also offerred support and funding from the NSA 
COMSEC organization. 

STAT 5. of the SECOM staff, distributed a new proposal for the 

rewrite of DCID 1/16. The paper represents the policy section, and will 

STAT ultimately be accompanied by a regulation. ! ^ pointed out that the 

new document is not organized along the "modes of operation" of the current 
DCID. Rather, it is structured such that decisions are made based upon 
where a system falls along each of the three axes of user clearance range, 
data classification range, and need-to-know range. Since this document had 
not been previously seen by the Subcommittee, there was little discussion 

of the contents. The membership w as asked to h ave reviewed it and have 

STAT comments prepared by the next meeting. also claimed that, by 

direction, all DCID^'s will be classified SECRET, which is contrary to the 
Subcommittee's previous guidance. 

STAT 6. announced his r etirement from governm ent service; he 

STAT will be replaced on the Subcommitte by 

STAT 7. The next meeting was set for 0930 on November 22 at 

STAT 


STAT 


Executive Secretary 
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5 October 1983 


RETORT ON COMPUTER SECURITY RESOURCES 


1. Reference SECOM-D-16S, Subject FY 85 Computer Securitv 
Program, dated 8 August 1983. 

2. Responses to the Reference were sorted according to the six 
general areas identified by the Chairman, (SECOM-D-161 , dated I August 1983). 
A summary of the major funded efforts is contained in Enclosure 1. The 
submissions fall into two categories: by DoD Components (Army, Navy, 

Air Force, DIA, NSA) and by the other Intelligence Agencies (CIA, State 
FBI, DOE). ’ 

should be noted that almost all of the DoD Components^ 
submissions are part of the Consolidated Compiter Security Proeram (CCSP). 

At present the CCSP is funded at the FYDP level for FY1985. An 
overguidance of $9. AM has been requested and is being favorablj’ considered 
by the Secretary of Defense. This increase will support almost all of the 
unfunded tasks identified by the DoD Components. Enclosure 2 identifies 
the remaining tasks for which additional funds could be sought and the 
rationale for this recommendation. 

4. The unfunded submissions from the other Intelligence 
Agencies were examined in light of the CCSP. Those tasks for which 
additional funds could be' sought and the rationale for this recommendation 
are contained in Enclosure 2, also. 

5. While the Reference did not limit the resources requirements 

to RfcrD tasks, there were no additional funds requested specif icallv for O&M 
or Procurements. There is consensus that more resources, both qualified 
people and dollars, are required to adequately administer the computer 
security programs of the member agencies. 


2 Ends : a/s 
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ENCLOSURE 1 

SUMMARY OF FUNDED COMPUTER SECURITY TASKS 


The totals for six subject areas are listed as an example of the 
magnitude and apportionment of the budget. Individual project 
descriptions are available if you are interested. 


FY83 FY84 FY85 FY 86-89 


STAT 


1. POLICY AND STANDARDS 
DEVELOPMENT 


2. THREAT INTELLIGENCE 
COLLECTION AND ANALYSIS 

3. SYSTEM CONTROL R&D 


4. DATA AND MEDIA CON^O 
TROL R&D 

5. ' VERIFICATION TECHNOLOGIES 

6. TRAINING AND PERSONNEL 
DEVELOPMENT 


* 


* 


* 


★ 


★ 


*Budget for these years not known. 
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